svn commit: samba r8917 - in branches/SAMBA_4_0/source:
lib/ldb/common libcli/ldap
idra at samba.org
idra at samba.org
Tue Aug 2 14:04:23 GMT 2005
Author: idra
Date: 2005-08-02 14:04:22 +0000 (Tue, 02 Aug 2005)
New Revision: 8917
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=8917
Log:
Better support for extended ldap search operations
Try to follow the RFC where possible and adapt to
openLdap and AD way of handling this structure
Modified:
branches/SAMBA_4_0/source/lib/ldb/common/ldb_match.c
branches/SAMBA_4_0/source/libcli/ldap/ldap.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_match.c
===================================================================
--- branches/SAMBA_4_0/source/lib/ldb/common/ldb_match.c 2005-08-02 07:26:29 UTC (rev 8916)
+++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_match.c 2005-08-02 14:04:22 UTC (rev 8917)
@@ -187,6 +187,8 @@
return 0;
}
+ /* TODO: handle the "*" case derived from an extended search
+ operation without the attibute type defined */
el = ldb_msg_find_element(msg, tree->u.equality.attr);
if (el == NULL) {
return 0;
Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/ldap/ldap.c 2005-08-02 07:26:29 UTC (rev 8916)
+++ branches/SAMBA_4_0/source/libcli/ldap/ldap.c 2005-08-02 14:04:22 UTC (rev 8917)
@@ -787,36 +787,68 @@
break;
}
case 9: {
- char *oid, *attr, *value;
+ char *oid = NULL, *attr = NULL, *value;
uint8_t dnAttributes;
/* an extended search */
if (!asn1_start_tag(data, ASN1_CONTEXT(filter_tag))) {
goto failed;
}
- asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(1));
- asn1_read_LDAPString(data, &oid);
- asn1_end_tag(data);
- asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(2));
- asn1_read_LDAPString(data, &attr);
- asn1_end_tag(data);
+ /* FIXME: read carefully rfc2251.txt there are a number of 'MUST's
+ we need to check we properly implement --SSS */
+ /* either oid or type must be defined */
+ if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(1))) { /* optional */
+ asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(1));
+ asn1_read_LDAPString(data, &oid);
+ asn1_end_tag(data);
+ }
+ if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(2))) { /* optional */
+ asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(2));
+ asn1_read_LDAPString(data, &attr);
+ asn1_end_tag(data);
+ }
asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(3));
asn1_read_LDAPString(data, &value);
asn1_end_tag(data);
- asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(4));
- asn1_read_uint8(data, &dnAttributes);
- asn1_end_tag(data);
- if ((data->has_error) || (oid == NULL) || (value == NULL)) {
+ /* dnAttributes is marked as BOOLEAN DEFAULT FALSE
+ it is not marked as OPTIONAL but openldap tools
+ do not set this unless it is to be set as TRUE
+ NOTE: openldap tools do not work with AD as it
+ seems that AD always requires the dnAttributes
+ boolean value to be set */
+ if (asn1_peek_tag(data, ASN1_CONTEXT_SIMPLE(4))) {
+ asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(4));
+ asn1_read_uint8(data, &dnAttributes);
+ asn1_end_tag(data);
+ } else {
+ dnAttributes = 0;
+ }
+ if ((oid == NULL && attr == NULL) || (value == NULL)) {
goto failed;
}
- ret->operation = LDB_OP_EXTENDED;
- ret->u.extended.attr = talloc_steal(ret, attr);
- ret->u.extended.rule_id = talloc_steal(ret, oid);
- ret->u.extended.value.data = talloc_steal(ret, value);
- ret->u.extended.value.length = strlen(value);
- ret->u.extended.dnAttributes = dnAttributes;
+ if (oid) {
+ ret->operation = LDB_OP_EXTENDED;
+ /* From the RFC2251: If the type field is
+ absent and matchingRule is present, the matchValue is compared
+ against all attributes in an entry which support that matchingRule
+ */
+ if (attr) {
+ ret->u.extended.attr = talloc_steal(ret, attr);
+ } else {
+ ret->u.extended.attr = talloc_strdup(ret, "*");
+ }
+ ret->u.extended.rule_id = talloc_steal(ret, oid);
+ ret->u.extended.value.data = talloc_steal(ret, value);
+ ret->u.extended.value.length = strlen(value);
+ ret->u.extended.dnAttributes = dnAttributes;
+ } else {
+ ret->operation = LDB_OP_EQUALITY;
+ ret->u.equality.attr = talloc_steal(ret, attr);
+ ret->u.equality.value.data = talloc_steal(ret, value);
+ ret->u.equality.value.length = strlen(value);
+ }
if (!asn1_end_tag(data)) {
goto failed;
}
More information about the samba-cvs
mailing list